<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial color=#000080 size=2>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>Hello
everybody.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=366363609-22042005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>I am trying to
established a vpn connections between two linux suse 9.2 with openswan
2.3.1.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>One linux server is
behind an adsl router and the another linux is behind
another.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=366363609-22042005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>Is there a good
guide or example that explains how configure this?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=366363609-22042005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>I have my current
configuration with PSK authentication. </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>Here are the traces
of one of the linux: It sends "phase 1 I ident" and "receives a phase R ident"
but it seems not to </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>authenticate the
preshared secret.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=366363609-22042005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>ipsec.secret on
linux 1:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>192.168.254.3
a.b.c.d : PSK "mysecret"</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>ipsec.secret on
linux 2:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>192.168.250.3
e.f.g.h : PSK "mysecret"</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=366363609-22042005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>a.b.c.d is the
public ip of adsl router 1</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>e.f.g.h is the
public ip of adsl router 2</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=366363609-22042005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=366363609-22042005></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>Apr 22 12:07:41
backup pluto[2094]: | *received 136 bytes from a.b.c.d:500 on eth0
(port=500)<BR>Apr 22 12:07:41 backup pluto[2094]: | **parse ISAKMP
Message:<BR>Apr 22 12:07:41 backup pluto[2094]: | initiator
cookie:<BR>Apr 22 12:07:41 backup pluto[2094]: | 98 11 e5 30
51 e5 bf 64<BR>Apr 22 12:07:41 backup pluto[2094]: | responder
cookie:<BR>Apr 22 12:07:41 backup pluto[2094]: | 6a 01 af 33
59 92 35 94<BR>Apr 22 12:07:41 backup pluto[2094]: | next
payload type: ISAKMP_NEXT_SA<BR>Apr 22 12:07:41 backup pluto[2094]:
| ISAKMP version: ISAKMP Version 1.0<BR>Apr 22 12:07:41 backup
pluto[2094]: | exchange type: ISAKMP_XCHG_IDPROT<BR>Apr 22
12:07:41 backup pluto[2094]: | flags: none<BR>Apr 22 12:07:41
backup pluto[2094]: | message ID: 00 00 00 00<BR>Apr 22
12:07:41 backup pluto[2094]: | length: 136<BR>Apr 22 12:07:41
backup pluto[2094]: | ICOOKIE: 98 11 e5 30 51 e5 bf 64<BR>Apr 22
12:07:41 backup pluto[2094]: | RCOOKIE: 6a 01 af 33 59 92 35
94<BR>Apr 22 12:07:41 backup pluto[2094]: | peer: 51 21 19 8a<BR>Apr 22
12:07:41 backup pluto[2094]: | state hash entry 13<BR>Apr 22 12:07:41 backup
pluto[2094]: | state object not found<BR>Apr 22 12:07:41 backup pluto[2094]: |
ICOOKIE: 98 11 e5 30 51 e5 bf 64<BR>Apr 22 12:07:41 backup
pluto[2094]: | RCOOKIE: 00 00 00 00 00 00 00 00<BR>Apr 22 12:07:41
backup pluto[2094]: | peer: 51 21 19 8a<BR>Apr 22 12:07:41 backup
pluto[2094]: | state hash entry 2<BR>Apr 22 12:07:41 backup pluto[2094]: | peer
and cookies match on #1, provided msgid 00000000 vs 00000000<BR>Apr 22 12:07:41
backup pluto[2094]: | state object #1 found, in STATE_MAIN_I1<BR>Apr 22 12:07:41
backup pluto[2094]: | processing connection linux1-linux2</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=366363609-22042005>Apr 22 12:07:41
backup pluto[2094]: | ***parse ISAKMP Security Association Payload:<BR>Apr 22
12:07:41 backup pluto[2094]: | next payload type:
ISAKMP_NEXT_VID<BR>Apr 22 12:07:41 backup pluto[2094]: |
length: 52<BR>Apr 22 12:07:41 backup pluto[2094]: | DOI:
ISAKMP_DOI_IPSEC<BR>Apr 22 12:07:41 backup pluto[2094]: | ***parse ISAKMP Vendor
ID Payload:<BR>Apr 22 12:07:41 backup pluto[2094]: | next
payload type: ISAKMP_NEXT_VID<BR>Apr 22 12:07:41 backup pluto[2094]:
| length: 16<BR>Apr 22 12:07:41 backup pluto[2094]: | ***parse
ISAKMP Vendor ID Payload:<BR>Apr 22 12:07:41 backup pluto[2094]:
| next payload type: ISAKMP_NEXT_VID<BR>Apr 22 12:07:41 backup
pluto[2094]: | length: 20<BR>Apr 22 12:07:41 backup
pluto[2094]: | ***parse ISAKMP Vendor ID Payload:<BR>Apr 22 12:07:41 backup
pluto[2094]: | next payload type: ISAKMP_NEXT_NONE<BR>Apr 22
12:07:41 backup pluto[2094]: | length: 20<BR>Apr 22 12:07:41
backup pluto[2094]: "linux1-linux2" #1: received Vendor ID payload [Openswan
(this version) 2.3.1 X.509-1.5.4 PLUTO_SENDS_VENDORID
PLUTO_USES_KEYRR]<BR>Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1:
received Vendor ID payload [Dead Peer Detection]<BR>Apr 22 12:07:41 backup
pluto[2094]: "linux1-linux2" #1: received Vendor ID payload [RFC 3947] method
set to=109<BR>Apr 22 12:07:41 backup pluto[2094]: | ****parse IPsec DOI
SIT:<BR>Apr 22 12:07:41 backup pluto[2094]: | IPsec DOI SIT:
SIT_IDENTITY_ONLY<BR>Apr 22 12:07:41 backup pluto[2094]: | ****parse ISAKMP
Proposal Payload:<BR>Apr 22 12:07:41 backup pluto[2094]: |
next payload type: ISAKMP_NEXT_NONE<BR>Apr 22 12:07:41 backup pluto[2094]:
| length: 40<BR>Apr 22 12:07:41 backup pluto[2094]:
| proposal number: 0<BR>Apr 22 12:07:41 backup pluto[2094]:
| protocol ID: PROTO_ISAKMP<BR>Apr 22 12:07:41 backup
pluto[2094]: | SPI size: 0<BR>Apr 22 12:07:41 backup
pluto[2094]: | number of transforms: 1<BR>Apr 22 12:07:41
backup pluto[2094]: | *****parse ISAKMP Transform Payload (ISAKMP):<BR>Apr 22
12:07:41 backup pluto[2094]: | next payload type:
ISAKMP_NEXT_NONE<BR>Apr 22 12:07:41 backup pluto[2094]: |
length: 32<BR>Apr 22 12:07:41 backup pluto[2094]: | transform
number: 0<BR>Apr 22 12:07:41 backup pluto[2094]: | transform
ID: KEY_IKE<BR>Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley
attribute:<BR>Apr 22 12:07:41 backup pluto[2094]: | af+type:
OAKLEY_LIFE_TYPE<BR>Apr 22 12:07:41 backup pluto[2094]: |
length/value: 1<BR>Apr 22 12:07:41 backup pluto[2094]: | [1 is
OAKLEY_LIFE_SECONDS]<BR>Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP
Oakley attribute:<BR>Apr 22 12:07:41 backup pluto[2094]: |
af+type: OAKLEY_LIFE_DURATION<BR>Apr 22 12:07:41 backup pluto[2094]:
| length/value: 3600<BR>Apr 22 12:07:41 backup pluto[2094]: |
******parse ISAKMP Oakley attribute:<BR>Apr 22 12:07:41 backup pluto[2094]:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM<BR>Apr 22 12:07:41
backup pluto[2094]: | length/value: 5<BR>Apr 22 12:07:41
backup pluto[2094]: | [5 is OAKLEY_3DES_CBC]<BR>Apr 22
12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley attribute:<BR>Apr 22
12:07:41 backup pluto[2094]: | af+type:
OAKLEY_HASH_ALGORITHM<BR>Apr 22 12:07:41 backup pluto[2094]: |
length/value: 1<BR>Apr 22 12:07:41 backup pluto[2094]: | [1 is
OAKLEY_MD5]<BR>Apr 22 12:07:41 backup pluto[2094]: | ******parse ISAKMP Oakley
attribute:<BR>Apr 22 12:07:41 backup pluto[2094]: | af+type:
OAKLEY_AUTHENTICATION_METHOD<BR>Apr 22 12:07:41 backup pluto[2094]:
| length/value: 1<BR>Apr 22 12:07:41 backup pluto[2094]:
| [1 is OAKLEY_PRESHARED_KEY]<BR>Apr 22 12:07:41 backup
pluto[2094]: | started looking for secret for 192.168.254.3->a.b.c.d of kind
PPK_PSK<BR>Apr 22 12:07:41 backup pluto[2094]: | actually looking for secret for
192.168.254.3->a.b.c.dof kind PPK_PSK<BR>Apr 22 12:07:41 backup pluto[2094]:
| 1: compared PSK a.b.c.d to 192.168.254.3 / a.b.c.d-> 0<BR>Apr 22
12:07:41 backup pluto[2094]: | 2: compared PSK 192.168.254.3 to 192.168.254.3 /
a.b.c.d-> 4<BR>Apr 22 12:07:41 backup pluto[2094]: | concluding with
best_match=0 best=(nil) (lineno=-1)<BR>Apr 22 12:07:41 backup pluto[2094]:
"linux1-linux2" #1: Can't authenticate: no preshared key found for
`192.168.254.3' and `a.b.c.d'. Attribute
OAKLEY_AUTHENTICATION_METHOD<BR>Apr 22 12:07:41 backup pluto[2094]:
"linux1-linux2" #1: no acceptable Oakley Transform<BR>Apr 22 12:07:41 backup
pluto[2094]: | complete state transition with (null)<BR>Apr 22 12:07:41 backup
pluto[2094]: "linux1-linux2" #1: sending notification NO_PROPOSAL_CHOSEN to
a.b.c.d:500<BR>Apr 22 12:07:41 backup pluto[2094]: "linux1-linux2" #1: failed to
build notification for spisize=0<BR>Apr 22 12:07:41 backup pluto[2094]: | state
transition function for STATE_MAIN_I1 failed: NO_PROPOSAL_CHOSEN<BR>Apr 22
12:07:41 backup pluto[2094]: | next event EVENT_PENDING_PHASE2 in 119
seconds<BR></DIV></SPAN></FONT>
<DIV> </DIV></FONT></DIV></BODY></HTML>